Linux – How do i do IP address translation with iptables

iptableslinuxredhat

I need to create a route in iptables which allows to use my second IP address as source(not default one) when i connect to an external FTP server. How do i create that route for iptables? i am not very familiar with Linux/Redhat any help on the commands would be highly appreciated.

Thanks for any direction!

Best Answer

You need to use a source NATing rule like:

$ sudo iptables -t nat -A POSTROUTING -s your_private_ip -d FTP_server_ip -j SNAT --to-source your_public_ip

You can also specify the interface using -i eth0.

Related Solutions

Linux – help with iptables cannot connect to web server

I think the problem is this rule:

-A INPUT -j REJECT --reject-with icmp-host-prohibited

That tells IPTables to reject everything coming in on the INPUT chain, i.e. all incoming packets. And since IPTables reads (and applies) its rules in order from top to bottom, for NEW packets coming in on ports 80 and 3306, that's the first rule that matches. So they all get rejected. The only packets that wouldn't be rejected by that rule are the ones coming into port 22, since the rule right above it says to accept them.

To fix it, just move that rule to the end of the file. That way, IPTables will encounter the rules saying to ACCEPT packets on ports 80 and 3306 first.

On a slightly related note, I've written an IPTables tutorial on my website that might have some useful information for you.

Redhat – how do i bind two different IP addresses to single Linux server

Binding is the easy part:

ifconfig eth0:0 1.2.3.5 netmask 255.255.255.0

And then add that IP address to your apache config

Listen 1.2.3.5:80

However, chances are real good that your server already listens on the extra IP address. You can tell this if your httpd.conf file has this in it:

Listen 80

Which tells the server to listen on port 80 of any IP address the server has.

The trickier part is getting your web-app to use that IP address on the outbound connection. Unless you take steps, outbound connections will likely use whatever is bound to "eth0" instead of "eth0:0". Your socket-building API may allow selecting either an interface or an IP address as part of the setup, your mileage may vary.

However, if you're behind a NAT gateway (if the server's actual IP address starts with 10, 172, or 192 this is a sure sign) and not binding publicly routeable addresses to your web-server things get more complicated. In that case your border device needs to be smart enough to know that traffic destined to a specific IP address needs to be rewritten as if it were coming from a second public IP address bound to the firewall. If your firewall/NAT can't do that, you may very well be out of luck.

Best Answer

Related Solutions

Linux – help with iptables cannot connect to web server

Redhat – how do i bind two different IP addresses to single Linux server

Related Topic